Know Your Tradeoffs with Impersonation

Be aware that impersonation prevents the efficient use of connection pooling if you access downstream databases by using the impersonated identity. This impacts the ability of your application to scale. Also, using impersonation can introduce other security
vulnerabilities, particularly in multi-threaded applications.

You might need impersonation if you need to:

Flow the original caller's security context to the middle tier and/or data tier of your Web application to support fine-grained (per-user) authorization.

Flow the original caller's security context to the downstream tiers to support operating system level auditing.